“So Sande bought a new gizmo called the WeMo Switch, which connects to the Internet so you can turn on an outlet remotely. It’s also programmable. Using the free web service If This Then That, Sande created a script that monitors information from Yahoo Weather. If the temperature in his neighborhood hits 85 degrees, the fan turns itself on and cools the house.”
Ralph Langner: “it is difficult to understand the fuzz around Duqu and the water facility hack when all of Stuxnets vulnerabilities are still there, with exploit code in the wild, and an ICS-CERT that officially says it doesnt intend to do anything about it. “
“Using examples from our findings along with working PoC exploit code and a scanner capable of identifying Industrial Control Systems that we are releasing, we will teach you how to research and find ICS software vulnerabilities yourself.”
Blog post from the dude who reverse engineered the payload. Adorable. “Um… this is the first publicly-known rootkit that can blow things up.”
Finally people realizing that you can burn out equipment and break buildings with the internet. Stuxnet etc.
Well at least I’m not the only person who noticed that building control device manufacturers like to have hard coded master passwords.